Mice & Men

From RiceFamily Wiki
Jump to: navigation, search

Documentation

AUTHENTICATION NOTES

Only one authentication method can be used per user, but different users can have different authentication methods. That means you can have some users log in using AD user authentication, while other users log in using local user authentication.

HTTPS Authentication MUST be configured : https://docs.menandmice.com/display/MM930/Configuring+HTTPS

Active Directory User Authentication vs. Local User Authentication

  • Even when you are using AD User Authentication, you must create users in the Management Console and assign privileges to them using the Men & Mice access system.
  • The only difference between AD vs. local user authentication is that when AD user authentication is used, users are authenticated using the AD User Authentication system before they can access the Management Console.
  • When AD User Authentication is used, the user password is not stored in the Men & Mice software.
  • AD user authentication using Active Directory is only possible when you run Men & Mice Central on a Windows machine (Windows 2003/2008).
  • The machine running Men & Mice Central must be a member in an Active Directory domain or forest.

Configuring Users for AD Authentication

To configure a user to use AD user authentication, do the following:

  1. From the menu, select Tools, Users and Groups.
  2. Select the applicable user from the list. If the desired user is not shown, the user must be added to the application. Refer to Administration Functions—User Management.
  3. When the Properties dialog box display, move to the Authentication field, click the drop-down list, and select the applicable authentication method. (If Men & Mice Central is not running on a Windows machine, only the Men & Mice Suite authentication method displays.)
  4. Click OK. NOTE: When the AD authentication method is selected, the Password field is disabled, since the password is not stored in the Men & Mice Suite.

Active Directory Single Sign-on

(I don't like this idea for a tool like this.)

You can enable the Single Sign-on so that Active Directory users do not have to authenticate when logging in through the Management Console or the Command Line Interface. To enable Active Directory Single Sign-on, do the following:

  1. From the menu bar, select Tools, System Settings.
  2. In the System Settings dialog box, click the General Settings tab.
  3. Select the Allow Single Sign-on option.
  4. Click OK.

When single sign-on is enabled, it is possible to enable sign-on in the web interface if the web application is running on an IIS Server. To enable single sign-on in the web interface, do the following:

  1. Make sure that Single Sign-on and Single Sign-on for web is enabled in the Men & Mice Suite.
  2. Using the IIS Administrator application, select an authentication method other than Anonymous and Basic for the MenandMice web folder.
  3. Edit the file Index.htm in the MenandMice web folder, and change the redirection so SSO=1 argument is specified.
  4. Make Index.htm the default document for the site.